Error with SSL - AWS RDS - versions >= 0.37.0

[adcreare]

Hi All,

I seem to have run into an SSL/TLS issue that appears to have been introduced in 0.37.0 maybe from this? #458

My environment is as follows.

• dotnet 1.1.x application using MySqlConnector
• AWS Aurora mysql database using IAM roles for authentication (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html)
• AWS Aurora version is: Aurora MySQL 5.6.10a

When including MySqlConnector >= 0.37.0 I receive the following exception:
The specified value is not valid in the 'SslProtocolType' enumeration..

Rolling back to 0.36.0 resolves the issue.

I'm not actually 100% sure why this is happening. From the reading I've done I believe AWS RDS is using the standard mysql tls with a valid public certificate.
As this is mysql 5.6.10 and based on https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.SSLSupport I would suspect that this is using the yaSSL over the Openssl they are using in newer versions.

I'm 100% happy to provide additional traces / information that might help narrow down the cause! Can log an aws support job if additional info is needed on that side.

Full exception:

 info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
 fail: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[0]
       An unhandled exception has occurred: Couldn't connect to server
 MySql.Data.MySqlClient.MySqlException: Couldn't connect to server ---> 
System.ArgumentException: The specified value is not valid in the 'SslProtocolType' enumeration.
 Parameter name: sslProtocolType
    at System.Net.Security.SslState.ValidateCreateContext(Boolean isServer, String targetHost, SslProtocols enabledSslProtocols, X509Certificate serverCertificate, X509CertificateCollection clientCertificates, Boolean remoteCertRequired, Boolean checkCertRevocationStatus, Boolean checkCertName)
    at System.Net.Security.SslStream.BeginAuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation, AsyncCallback asyncCallback, Object asyncState)
    at System.Net.Security.SslStream.<>c__DisplayClass21_0.<AuthenticateAsClientAsync>b__0(AsyncCallback callback, Object state)
    at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl(Func`3 beginMethod, Func`2 endFunction, Action`1 endAction, Object state, TaskCreationOptions creationOptions)
    at System.Net.Security.SslStream.AuthenticateAsClientAsync(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
    at MySqlConnector.Core.ServerSession.<InitSslAsync>d__71.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at MySqlConnector.Core.ServerSession.<ConnectAsync>d__56.MoveNext()
    --- End of inner exception stack trace ---
    at MySqlConnector.Core.ServerSession.<ConnectAsync>d__56.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at MySqlConnector.Core.ConnectionPool.<GetSessionAsync>d__10.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at MySqlConnector.Core.ConnectionPool.<GetSessionAsync>d__10.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable`1.ConfiguredValueTaskAwaiter.GetResult()
    at MySql.Data.MySqlClient.MySqlConnection.<CreateSessionAsync>d__75.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable`1.ConfiguredValueTaskAwaiter.GetResult()
    at MySql.Data.MySqlClient.MySqlConnection.<OpenAsync>d__22.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at MySql.Data.MySqlClient.MySqlConnection.Open()
    at XREDACTEDX.Infrastructure.DataAccess.Implementation.DbCommandWrapper`2.<ExecuteReaderAsync>d__0.MoveNext() in /codebuild/output/src278200167/src/bitbucket.org/XREDACTEDX/XREDACTEDXcore/XREDACTEDXCoreApi/src/XREDACTEDX.Infrastructure.DataAccess/Implementation/DbCommandWrapper.cs:line 78
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at XREDACTEDX.Infrastructure.DataAccess.Implementation.DbConnectionWrapper`2.<ExecuteQueryProcedureAsync>d__5.MoveNext() in /codebuild/output/src278200167/src/bitbucket.org/XREDACTEDX/XREDACTEDXcore/XREDACTEDXCoreApi/src/XREDACTEDX.Infrastructure.DataAccess/Implementation/DbConnectionWrapper.cs:line 139
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at XREDACTEDX.DataAccess.Database.Implementation.BusinessEntitiesDbContext.<SaveBusinessEntityAsync>d__2.MoveNext() in /codebuild/output/src278200167/src/bitbucket.org/XREDACTEDX/XREDACTEDXcore/XREDACTEDXCoreApi/src/XREDACTEDX.DataAccess/Database/Implementation/BusinessEntitiesDbContext.cs:line 76
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at XREDACTEDX.DataAccess.Store.Implementation.BusinessEntitiesStore.<SaveBusinessEntityAsync>d__5.MoveNext() in /codebuild/output/src278200167/src/bitbucket.org/XREDACTEDX/XREDACTEDXcore/XREDACTEDXCoreApi/src/XREDACTEDX.DataAccess/Store/Implementation/BusinessEntitiesStore.cs:line 70
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at XREDACTEDX.Core.Implementation.BusinessEntitiesManager.<SignupBusinessEntityAsync>d__13.MoveNext() in /codebuild/output/src278200167/src/bitbucket.org/XREDACTEDX/XREDACTEDXcore/XREDACTEDXCoreApi/src/XREDACTEDX.Core/Implementation/BusinessEntitiesManager.cs:line 182
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at XREDACTEDX.Controllers.BusinessEntitiesController.<Post>d__4.MoveNext() in /codebuild/output/src278200167/src/bitbucket.org/XREDACTEDX/XREDACTEDXcore/XREDACTEDXCoreApi/src/XREDACTEDX/Controllers/BusinessEntitiesController.cs:line 81
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeActionFilterAsync>d__28.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.<InvokeAsync>d__18.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.AspNetCore.Builder.RouterMiddleware.<Invoke>d__4.MoveNext()
 --- End of stack trace from previous location where exception was thrown ---
    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
    at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>d__6.MoveNext()
 info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
       Request finished in 1061.8103ms 500 application/json
       Request starting HTTP/1.1 POST http://127.0.0.1/api/business/entities application/json 259
 info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
       Executing action method XREDACTEDX.Controllers.BusinessEntitiesController.Post (XREDACTEDX) with arguments (XREDACTEDX.Models.BusinessEntityModel) - ModelState is Valid
 info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
 fail: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[0]
       An unhandled exception has occurred: Couldn't connect to server

[bgrainger]

The tests are supposed to verify compatibility with .NET Core 1.1 and SSL; that must not be working as intended:

MySqlConnector/.travis.yml

Line 39 in 9c450ed

- echo 'Executing netcoreapp1.1.2 tests with No Compression, SSL' && ../../.ci/use-config.sh config.ssl.json 172.17.0.1 3307 $NAME $OMIT_FEATURES && time dotnet xunit -c Release -f netcoreapp1.1.2

[bgrainger]

Fixed in 0.40.0.